SSO [email protected] account expiry

The other day I hit the “Associated user’s password is expired” when trying to login to my SSO as the [email protected] account.

You can just reset the password for the account as per VMware KB 2035864. However, on vSphere 5.1 this causes some confusion over the SSO user password and the so called master password (which never changes) – see this communities post for more info.

A quick and dirty fix for this (if you are running the vCenter with a SQL DB) follows.

  1. Take a backup of your RSA DB (if you don’t and you trash your DB then don’t complain to me :)).
  2. Open SQL Server Management Studio, expand the RSA DB, expand the Tables folder and find the dbo.IMS_AUTHN_PASSWORD_POLICY table.
  3. Right click and select Edit Top 200 Rows.
  4. Now edit the MAX_LIFE_SEC column (this is in seconds), so for example if you want to set it to 5 years it would be 157680000 (apparently you can set this to 0 for never expire).  I’m setting mine to 90000000 (1014 days).

  1. Restart the SSO service.
  2. Log back into the Web Client as [email protected]
  3. Go to Administration, Configuration, Policies tab.  It should now look like this:-

vCenter 5.1 Backups for SSO, SSL and MSSQL DB


When I upgraded to vCenter 5.1 and being the conscientious IT pro that I am 🙂 I made sure I had good backups for all the relevant bits to restore in case of an emergency.  This is not intended to replace a proper backup solution like Veeam Backup and Replication (which is an excellent bit of software which I actually use and highly recommend) but rather as a “belt and braces” supplement.

I have separated vCenter and MSSQL DB servers running on 2 VMs running Windows 2008 R2 (64bit).  My DB server is holding the vCenter, SSO (Single Sign On) and VUM (VMware Update Manager) databases.  Just to be clear here, this is not the vCenter Appliance.

Continue reading “vCenter 5.1 Backups for SSO, SSL and MSSQL DB”

vCloud Director Install and Setup – installing RabbitMQ


This is a continuation of a series of posts on vCloud Director Install and Setup and details the setup of RabbitMQ on Linux CentOS 6.4 (64 bit).

So again, referring to the official docs (, AMQP (Advanced Message Queuing Protocol), is an open standard for message queuing that supports flexible messaging.  vCloud Director can use AMQP Brokers for notifications about events in the cloud. Well that sounds very fancy and as I haven’t used this before lets go ahead and install an AMQP Broker.  As the documentation appears to recommend RabbitMQ for this broker service lets go ahead and download/install it.

Continue reading “vCloud Director Install and Setup – installing RabbitMQ”

vCloud Director Install and Setup – installing vCD


In this collection of posts I will go through a vCD Install and Configuration in a Lab environment.  This is mainly for my own notes but may be enough to help with getting started on the build of a proper production vCloud Director Installation.  The majority of the information in these posts is taken from the VMware Documentation pages.

The VMware vCD docs can be found here

Continue reading “vCloud Director Install and Setup – installing vCD”

vCloud Director Install and Setup – NFS Server

vCloud NFS server

I am installing and testing vCloud Director in my Lab and to make sure I can add more Servers into the Group I need to make sure there is some temporary storage that the Hosts will use.  The vCD docs recommend an NFS share that is several hundred gigabytes in size but as I’m building this for a lab I have used 150GB.

In this example I am using a Linux CentOS 6 (64 bit) VM.  You will need to install NFS and set the exports.  If you are running iptables then either disable it (fine for a Lab environment) or open the relevant ports from the relevant Hosts (which is the correct/secure way).

Continue reading “vCloud Director Install and Setup – NFS Server”

vCloud Director Install and Setup – SSL Certificates


This is a really simple step in configuring vCD and is required as the secure communication between clients and servers are an absolute requirement.  This step does require you to have created your vCD Member Server and have installed the “vmware-vcloud-director-5.1.1-868405.bin” binary exectuable.  This installs the “keytool” utility in /opt/vmware/vcloud-director/jre/bin/keytool and according to the docs certificates created with a “keytool” from another source are not supported.

Each member of a vCD Group requires two IP Addresses (one for the HTTP Service and one for the Console Proxy Service).  Both of these IP addresses require SSL certs. You will also need to assign each IP address an FQDN for the SSL cert creation.  In this example we will just create self signed certs on a pre-built Linux CentOS 6.4 VM.

Continue reading “vCloud Director Install and Setup – SSL Certificates”

vCloud Director Install and Setup – Database Configuration


In vCloud Director Install and Setup – installing vCD I run through the install and setup of a vCloud Director Host.  This procedure requires an Oracle or MSSQL DB backend.  I opted for MSSQL as I am more familiar with it.  In this post I will go through the install and setup of the DB in preparation for use with vCloud Director.

Continue reading “vCloud Director Install and Setup – Database Configuration”